This host is running Cybozu Office, Cybozu Garoon, Cybozu Dezie or Cybozu MailWise and is prone to cross site scripting vulnerability.

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office version 7 Cybozu Dezie version 6.1, Cybozu Mailwise version 3.1 or later. For updates refer to http://products.cybozu.co.jp/

The flaw is caused by improper validation of unspecified input related to downloading images from the mail system, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Cybozu Office version 6 Cybozu Dezie versions before 6.1 Cybozu MailWise versions before 3.1 Cybozu Garoon versions 2.0.0 through 2.1.3

• http://jvn.jp/en/jp/JVN54074460/index.html
• http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html
• http://osvdb.org/73317
• http://secunia.com/advisories/45043

---

Updated on 2015-03-25